Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.5 CVE-2026-57963

Chat UI manipulation by injection

An attacker who can send HTML chat messages (via Matrix or XMPP) can inject arbitrary styled content, phishing links, and CSS that manipulates the ...

Mozilla Thunderbird 140.12.1 CVE
MEDIUM 5.3 CVE-2026-57962

Denial-of-service via malicious LDAP address-book server

A malicious LDAP server, which a Thunderbird user is configured to query for address-book autocomplete, can stash arbitrarily large amounts of atta...

Mozilla Thunderbird 140.12.1 CVE
MEDIUM 5.9 CVE-2026-56016

CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources

CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources. The generate_id method builds the s...

MARKSTOS CGI::Session::ID::md5 CVE
HIGH 7.6 CVE-2026-6687

FatFs Stack Buffer Overflow via Uncapped exFAT Label Length

FatFs R0.16 and earlier contains a stack overflow bug in f_getlabel() because exFAT label length (XDIR_NumLabel) is trusted without enforcing spec ...

ChaN FatFs CVE
MEDIUM 4.6 CVE-2026-6686

FatFs Use of Uninitialized Clusters After Seek Past EOF

FatFs R0.16 and earlier contains an uninitialized cluster exposure when f_lseek() extends files beyond EOF without zero-filling newly allocated clu...

ChaN FatFs CVE
MEDIUM 6.1 CVE-2026-6685

FatFs Integer Underflow in Dirty-Sector Cache Flush

FatFs R0.16 and earlier exhibits a stale dirty-cache skip via unsigned-subtraction wrap in f_read() / f_write() (fp->sect - sect < cc) during inter...

ChaN FatFs CVE
MEDIUM 4.6 CVE-2026-6684

FatFs Infinite Loop in GPT Partition Scan

FatFs versions prior to R0.16 that use GPT scanning with 'FF_LBA64 = 1' contain an issue where an unbounded loop count derived from GPT header field GPTH_P...

ChaN FatFs CVE
MEDIUM 4.6 CVE-2026-6683

FatFs Divide-by-Zero in exFAT Sync

FatFs R0.16 and earlier contains a divide-by-zero bug in exFAT sync logic when crafted metadata causes n_fatent - 2 to be zero during write/sync op...

ChaN FatFs CVE
HIGH 7.6 CVE-2026-6682

FatFs Integer Overflow in FAT32 Volume Mount

FatFs R0.16 and earlier contains a FAT32 integer overflow bug in mount_volume() where fasize *= fs->n_fats can wrap, leading to attacker-control...

ChaN FatFs CVE
MEDIUM 5.4 CVE-2026-6283

Stored XSS in DivvyDrive Information Technologies’ DivvyDrive

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in DivvyDrive Information Technologies Inc. Divv...

DivvyDrive Information Technologies Inc. DivvyDrive v.4.8.2.23 CVE